Mitigate the security vulnerability by sanitizing the transaction flags.
- This is part of the fix of commit Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df for backporting.
- Part of commit Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df which sanitizes the transaction flags from DisplayState instead.
- In rvc, we only have the ACCESS_SURFACE_FLINGER permission check passed as the `privileged` argument in SF::applyTransactionState. We can directly utilize it for sanitization in DisplayState.
- In the rvc code base, SF::setTransactionState passes a const array of displayState objects and then calls SF::applyTransactionState. To successfully sanitize the flags for each displayState object, we convert this const array into a non-const one before calling SF::applyTransactionState.

Bug: 248031255
Test: test using displaytoken app manually on the phone, test shell screenrecord during using displaytoken; atest android.hardware.camera2.cts.FastBasicsTest
Change-Id: Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df
Merged-In: Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df
(cherry picked from commit 03d4458e)
Merged-In: Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df